Doudou Fall

Assistant Professor of Computer Science

Biography

Doudou Fall is an Assistant Professor of Computer Science at the Laboratory for Cyber Resilience, Nara Institute of Science and Technology (NAIST). His research interests revolve around quantifying the security risk of: cloud computing, the Internet of Things (IoT), Industrial Control Systems, and Cyber-Physical Systems. He also likes to play with security vulnerability data and the Common Vulnerability Scoring System (CVSS). He is currently supervising several Ph.D. and masters students.

Interests

Cybersecurity

Cloud computing

Internet of Things

Industrial Control Systems

Cyber-Physical Systems

Education

Ph.D. in Computer Science, 2015

Nara Institute of Science and Technology

MEng in Computer Science, 2012

Nara Institute of Science and Technology

MEng in Data Transmission and Information Security, 2009

Cheikh Anta Diop University

BSc in Physics, 2007

Cheikh Anta Diop University

Selected Publications

Cloud computing provides many advantages for both the cloud service provider and the clients. It is also infamous for being highly dynamic and for having numerous security issues. The dynamicity of cloud computing implies that dynamic security mechanisms are being employed to enforce its security, especially in regards to access decisions. However, this is surprisingly not the case. Static traditional authorization mechanisms are being used in cloud environments, leading to legitimate doubts on their ability to fulfill the security needs of the cloud. We propose a risk adaptive authorization mechanism (RAdAM) for a simple cloud deployment, collaboration in cloud computing and federation in cloud computing. We use a fuzzy inference system to demonstrate the practicability of RAdAM. We complement RAdAM with a Vulnerability Based Authorization Mechanism (VBAM) which is a real-time autho- rization model based on the average vulnerability scores of the objects present in the cloud. We demonstrated the usefulness of VBAM in a use case featuring OpenStack.

Cloud computing has revolutionized information technology, in that It allows enterprises and users to lower computing expenses by outsourcing their needs to a cloud service provider. However, despite all the benefits it brings, cloud computing raises several security concerns that have not yet been fully addressed to a satisfactory note. Indeed, by outsourcing its operations, a client surrenders control to the service provider and needs assurance that data is dealt with in an appropriate manner. Furthermore, the most inherent security issue of cloud computing is multi-tenancy. Cloud computing is a shared platform where users’ data are hosted in the same physical infrastructure. A malicious user can exploit this fact to steal the data of the users whom he or she is sharing the platform with. To address the aforementioned security issues, we propose a security risk quantification method that will allow users and cloud com- puting administrators to measure the security level of a given cloud ecosystem. Our risk quantification method is an adaptation of the fault tree analysis, which is a modeling tool that has proven to be highly effective in mission-critical systems. We replaced the faults by the probable vulnerabilities in a cloud system, and with the help of the common vulnerability scoring system, we were able to generate the risk formula. In addition to addressing the previously men- tioned issues, we were also able to quantify the security risks of a popular cloud management stack, and propose an architecture where users can evaluate and rank different cloud service providers.